Manage role permissions

Good evening! I'm currently working on a project for a client and decided to use PostgreSQL in conjunction with Neon DB. I've already created a database, but I'm running into an issue. Three services/microservices need to communicate with the database, but I want to restrict access to only what each service needs to do. I created a role for each service and noticed that all of them have the CREATEDATABASE, CREATEROLE, and many other high-level permissions. However, they shouldn't have permission for these, so I tried to disable them. When I tried to disable them, I received an error:

Could not create function. NOTICE: Terminating connection due to immediate shutdown command Only functions with the CREATEROLE attribute and the ADMIN option in the "primary_api" role can alter this permission. permission denied to alter role

Could not create function. NOTICE: Terminating connection due to immediate shutdown command Only functions with the CREATEROLE attribute and the ADMIN option in the "primary_api" role can alter this permission. permission denied to alter role

I also noticed that the default Neon user (neondb_owner) does not have the SUPERUSER permission. How can I fix this and remove these permissions?

1 Reply

stormy-gold•2y ago

Lol great username 😆 Have you seen our manage database access Docs guide? https://neon.tech/docs/manage/database-access I think you'll find it helpful

Neon

Manage database access - Neon Docs

Each Neon project is created with a default Postgres role that takes its name from your Neon account (the account you registered with). For example, if a user named "Alex" signs up for Neon, the proje...

Gaming

Programming

Manage role permissions

Did you find this page helpful?